Omada SDN with Non-Omada L2 Switch
I would like to segment my network such that devices plugged into an L2 switch that are on separate VLANs are unable to communicate.
Network Topology
Software Controller
Router: ER605 v1.0
AP: EAP610 v1.0
Switch: TL-SG1024DE
I have not been able to get Switch ACLs working, so I have set up a Test VLAN specifically to try to segment the network. It is configured as follows:
TL-SG1024DE VLAN 110
Tagged Ports: 1
Untagged Ports: 2
Port 2 PVID: 110
TL-SG1024DE port 1 is plugged into port 2 of the ER605
EAP610 is plugged into port 3 of the ER605
Test VLAN
Purpose: Interface
LAN Interfaces: All checked
VLAN: 110
Gateway/Subnet: 192.168.110.1/24
DHCP Server: Checked
DHCP Range: 192.168.110.1-192.168.110.254
DNS Server: Auto
Lease Time: 120
Default Gateway: Auto
Switch ACL
Status: Enable
Policy: Deny
Protocols: All
Ethertype: Unchecked
Rule:
Source Type: Network = Test
Destination Type: Network = LAN
Binding Type: Ports
Ports: All Ports
EAP ACL
Status: Enable
Policy: Deny
Protocols: All
Rule:
Source Type: Network = Test
Destination Type: Network = LAN
I have a Test SSID that is set to be part of the Test (110) VLAN and not set as a guest. I have a Raspberry Pi plugged into port 2 of the TL-SG1024DE. Nothing seems to stop me from being able to ping a computer on the LAN network. If I disconnect the Ethernet from the Raspberry Pi and connect to the Test SSID, everything works as expected: I am not able to connect to devices on the LAN network. In both cases, I get an IP address in the 110 subnet as expected.
I would like to be able to segment traffic between ports on the switch. For example, I would like port 2 to not be able to ping a device on port 3. Is this some sort of limitation where traffic is not routed through the ER605 for devices connected to the switch, or am I missing something in the ACL that is keeping this from working as desired?
This post seems related and supports my suspicion that it is related to my non-Omada switch:
https://community.tp-link.com/en/business/forum/topic/275432
This post seems to indicate it might be possible, but it isn't clear whether the non-Omada switch is part of the equation for the ACLs:
https://community.tp-link.com/en/business/forum/topic/578150
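The switch-side half of the question above, as an added model that is not part of the original post and not TP-Link code: it reproduces the 802.1Q port classification and egress rules of the TL-SG1024DE setup described (VLAN 110 tagged on port 1, untagged on port 2, PVID 110 on port 2) and shows which frames the switch forwards itself and which it hands, tagged, to the ER605. It assumes ports 3 and 4 are untagged members of VLAN 1 with PVID 1, which the post does not state, and it does not model the Omada ACLs.

```python
# Added model of 802.1Q port-based VLAN forwarding, built to mirror the
# TL-SG1024DE configuration in the post (VLAN 110 tagged on port 1, untagged
# on port 2, PVID 110 on port 2).  Port 3/4 membership in VLAN 1 is assumed.
from dataclasses import dataclass, field


@dataclass
class Switch:
    # vlan id -> {"tagged": set of ports, "untagged": set of ports}
    vlans: dict = field(default_factory=dict)
    # port -> PVID used to classify untagged ingress frames
    pvid: dict = field(default_factory=dict)

    def ingress_vlan(self, port, tag=None):
        """VLAN an incoming frame is classified into, or None if dropped."""
        if tag is None:
            return self.pvid[port]          # untagged frame: PVID applies
        if port in self.vlans.get(tag, {}).get("tagged", set()):
            return tag                      # tagged frame on a member port
        return None                         # tagged for a VLAN this port lacks

    def egress_ports(self, vlan, in_port):
        """Sorted (port, tagged) pairs the frame can be forwarded to."""
        m = self.vlans.get(vlan, {"tagged": set(), "untagged": set()})
        out = [(p, True) for p in m["tagged"] if p != in_port]
        out += [(p, False) for p in m["untagged"] if p != in_port]
        return sorted(out)

    def l2_reachable(self, src, dst, tag=None):
        """True if the switch itself forwards src's frame to dst."""
        vlan = self.ingress_vlan(src, tag)
        if vlan is None:
            return False
        return dst in {p for p, _ in self.egress_ports(vlan, src)}


def build_post_switch():
    """The post's switch: port 1 = uplink to ER605, port 2 = Raspberry Pi.
    Ports 3 and 4 in VLAN 1 / PVID 1 are a constructed assumption."""
    return Switch(
        vlans={1: {"tagged": set(), "untagged": {1, 3, 4}},
               110: {"tagged": {1}, "untagged": {2}}},
        pvid={1: 1, 2: 110, 3: 1, 4: 1},
    )


if __name__ == "__main__":
    sw = build_post_switch()
    # The Pi's untagged frame on port 2 lands in VLAN 110 and leaves only via
    # port 1, tagged, toward the router; the switch never floods it to port 3.
    print(sw.ingress_vlan(2), sw.egress_ports(110, 2), sw.l2_reachable(2, 3))
```

Running it shows that port 2 to port 3 is already isolated by the switch itself, while anything from port 2 reaches port 1 tagged as VLAN 110, so whether it then reaches the LAN is decided on the router side rather than by the switch.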